Responsible disclosure

If you find a security issue, please report it privately before sharing details publicly. Include the affected route or component, reproduction steps, likely impact, and any relevant logs or screenshots.

Contact: alan@appassist.ai

We prioritize reports involving authentication bypass, node-token compromise, forged work packets, admin access, data leakage, unrestricted resource consumption, or worker safety issues.